Re: Reformat or wipe?

From: Robert Moir (bofh_at_mvps.org)
Date: 07/12/04


Date: Mon, 12 Jul 2004 20:58:00 +0100

Alex wrote:
> Thanks for the advice and info below - rather than stretch
> the thread, I would be even more grateful for some answers
> to these questions:
>
> 1 Is it PREFERABLE to wipe the HDD or go through malware
> removal processes? I don't care about losing data, I just
> want to know whether reformatting is relatively quick and
> easy and not likely to have any adverse effects on my
> system (assuming it's a fairly standard system to save
> time). Malware removal appears to be laborious and often
> not 100% effective. A reformat would be "the ultimate
> weapon", right?

Wiping and starting again is always the preferred solution because you'll be
100% sure you removed the problem this way. This is often seen as an extreme
measure, and for a home user with a lot to lose and maybe a lack of
experience in setting things up, I'd certainly call it a last resort... but
for all users, at home and at work, sooner or later this option becomes more
"cost effective" than trying to disinfect a machine... where that point
occurs for you is obviously your decision.

(note that depending on the type of virus involved in virus outbreaks,
"wiping" might be more involved than you'd normally think, as well).

However, this doesn't *fix* the problem... the malware might be gone but the
hole it used to infect your machine will more than likely be present once
you rebuild your machine. You need a strategy for keeping your machine
clean, and for assessing any threat that does get past your defences so that
it won't beat you again. This actually means that you might not want to wipe
a system until you know the exact reason why you need to.

> 2 What's the best malware protection for broadband users
> (pipex is my isp)? I used Zonealarm before, and liked
> it. Is this sufficient to keep spyware, trojans, etc at
> bay? Opinions appreciated.

I'm not a fan of zone alarm myself, but that's a matter of personal taste.
Rather than bash various pieces of software and drag your debate off course,
I'll note that firewalls are good at what they do, but they only protect one
approach road to your computer. There are many others that need protecting.
You should at least be using antivirus software as well, and your most
powerful weapon isn't inside your computer, nor can you ever install it
there; use your brain...

THINK before you install free things that sound too good to be true...

THINK before you open weird emails and/or click on every link you see in
emails and newsgroup postings.

REMEMBER it's possible (but not advisable), **if you know enough about how
these things work**, to not use a software firewall or a virus scanner and
still avoid malware. It can be done if you think about what you are doing
all the time. However, if you install a firewall and a virus scanner but
behave irresponsibly and use your computer in an "unsafe" way, then you
*will* become infected again. Hence the most important part of your security
suite is your brain.

I like to use the analogy of comparing virus scanners and firewalls to
seatbelts in cars. Seatbelts save lives in the event of an accident and
everyone should use them (in my opinion).... that doesn't mean seatbelts
make it safe for people to go around having high speed crashes on purpose.

-- 
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
Kazaa - Software update services for your Viruses and Spyware. 

